[ISN] When pen testers go bad

From: InfoSec News (alerts@private)
Date: Sun Jan 21 2007 - 22:27:08 PST


http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=security&articleId=9008638

By Philip Willan
January 19, 2007
IDG News Service

Milan magistrates have arrested four Telecom Italia SpA employees for 
alleged illegal espionage activities, bringing a fresh wave of scandal 
crashing down onto the former national carrier.

The suspects were identified as Fabio Ghioni, the head of information 
security at Telecom Italia, his assistant Rocco Lucia and Guglielmo 
Sasinini, a former journalist who had been hired by the company to 
conduct country risk analyses for the Middle East region, according to a 
230-page arrest warrant signed by Judge Giuseppe Gennari and widely 
cited in newspaper reports Friday.

A fourth warrant was served in prison on Giuliano Tavaroli, the former 
head of security at Telecom Italia, who had already been incarcerated on 
illegal espionage charges as a result of a separate investigation.

The four men are accused of using Telecom Italias resources to spy on 
Vittorio Colao, the former executive chief executive officer of the 
Rizzoli Corriere della Sera (RCS) SpA publishing group and on Massimo 
Mucchetti, the deputy director of the Corriere della Sera newspaper, as 
part of an elaborate intelligence operation that has all the hallmarks 
of a spy thriller, according to wire reports Thursday and newspaper 
articles Friday.

Ghioni and his colleagues targeted Mucchetti because of his 
well-informed and critical articles about Telecom Italia and its parent 
company Pirelli SpA, according to an article in the Corriere della Sera, 
which contained excerpts from a book written by Muchetti on the subject.

Ghioni, the head of a 10-member "Tiger Team" set up to run penetration 
tests against Telecom Italia's information security system, allegedly 
used a Trojan program, Telecom Italia server in Rome, plus computers in 
Brazil and Switzerland, to break into Colao's company notebook computer 
and steal sensitive data.

Among the documents allegedly stolen was a draft version of the RCS 
three-year business plan. Ghioni allegedly exploited the theft by 
contacting RCS and warning the company that its security measures were 
inadequate. He told company officials the business plan was floating 
around on hacker Web sites and offered to take over the RCS security 
function himself, newspapers reported Friday.

The modus operandi resembled that of his former boss Tavaroli, who 
allegedly rose to the top of Telecom Italias security department after 
engineering the discovery of an electronic bug planted in the Telecom 
Italia chief executive officers car in 2001. The then head of security 
at Telecom Italia was fired for the lapse and Tavaroli was able to take 
his place.

The suspects allegedly exploited contacts with officers of the French 
domestic intelligence service Direction de la Surveillance du Territoire 
(DST) to spy on Pirelli Chairman Marco Tronchetti Provera and his family 
when they spent time in Paris. They are also accused of spying on 
Mucchettis bank accounts and are even alleged to have hired an 
attractive young woman to loiter in a bar near the Corriere della Sera 
in the hopes of picking up the newspapers deputy director.

Though himself a victim of the Tiger Teams espionage, Tronchetti Provera 
has also been accused by a collaborating witness of having a 
professional interest in some of the intelligence that was allegedly 
illegally gathered by Ghioni, Tavaroli and their associates.

Milan prosecutors say the quantity and quality of the information 
gathered on behalf of Pirelli/Telecom was completely out of proportion 
to the real needs of the group.

Tronchetti Provera issued a statement Thursday saying he had never 
authorized the illegal collection of information on anyone and had 
"taken absolutely no part in any illegal activity."


_____________________________
Subscribe to InfoSec News
http://www.infosecnews.org/mailman/listinfo/isn
 



This archive was generated by hypermail 2.1.3 : Sun Jan 21 2007 - 22:47:36 PST